Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/68a014-7dba-4430-8dde-01c827d6e0fe/1/Mv0ndK2HEF88sVwPUYiBgBgLL24.roa
File:                     Mv0ndK2HEF88sVwPUYiBgBgLL24.roa (raw, json)
Hash identifier:          PA2B36LXk4gz3xeGksqWvMJPb0JcjgVXEcggY8FS4ec=
Subject key identifier:   32:FD:27:74:AD:87:10:5F:3C:B1:5C:0F:51:88:81:80:18:0B:2F:6E
Certificate issuer:       /CN=7190f5d5f92a486362177a42b3d5efda20e220e1
Certificate serial:       018CC8DE4F3B8BCA609CD635B8F24224F9B3
Authority key identifier: 71:90:F5:D5:F9:2A:48:63:62:17:7A:42:B3:D5:EF:DA:20:E2:20:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cZD11fkqSGNiF3pCs9Xv2iDiIOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/68a014-7dba-4430-8dde-01c827d6e0fe/1/Mv0ndK2HEF88sVwPUYiBgBgLL24.roa
Signing time:             Tue 02 Jan 2024 06:31:01 +0000
ROA not before:           Tue 02 Jan 2024 06:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211742
IP address blocks:        195.245.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/68a014-7dba-4430-8dde-01c827d6e0fe/1/cZD11fkqSGNiF3pCs9Xv2iDiIOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/68a014-7dba-4430-8dde-01c827d6e0fe/1/cZD11fkqSGNiF3pCs9Xv2iDiIOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cZD11fkqSGNiF3pCs9Xv2iDiIOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:4f:3b:8b:ca:60:9c:d6:35:b8:f2:42:24:f9:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7190f5d5f92a486362177a42b3d5efda20e220e1
        Validity
            Not Before: Jan  2 06:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32fd2774ad87105f3cb15c0f51888180180b2f6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:62:e5:b7:64:b4:9c:db:c0:3c:9d:65:9b:4b:
                    f6:b7:3e:00:73:de:fb:c7:0e:88:6d:9e:97:da:0a:
                    25:ca:7f:b0:96:ed:d3:12:b4:f5:48:15:20:75:1c:
                    c7:4d:5f:b9:1b:cd:b6:89:b1:65:4a:c2:67:62:c1:
                    22:aa:53:7e:f0:66:61:ac:c8:1e:43:e3:87:6f:0a:
                    b0:5b:41:c1:a7:4a:b2:db:b8:99:c0:93:2c:be:e1:
                    90:df:fa:79:2b:5b:0a:e2:e1:fc:d7:3f:29:da:2e:
                    04:ea:bb:7f:fd:00:2d:94:ab:7d:13:e4:96:e7:c7:
                    23:f5:50:d0:a2:45:b1:f2:8d:ef:cb:39:91:74:ac:
                    43:ca:93:d1:4d:5e:ed:b5:6a:7a:49:6c:60:ec:c5:
                    05:65:61:68:fe:f0:14:bd:8a:b3:a1:ec:36:82:f7:
                    37:a9:d6:82:a9:d9:db:59:36:00:9b:b1:ac:39:b5:
                    79:36:f4:b9:56:1a:75:12:3a:44:da:51:5b:9f:9e:
                    8b:75:33:b3:19:58:44:74:70:ff:9b:78:d0:78:87:
                    65:58:83:11:80:b4:05:b5:c2:d2:ff:7c:67:9a:90:
                    53:ce:bf:14:2a:54:28:10:d1:0d:b6:da:87:4e:ec:
                    f6:6b:ac:05:04:ed:de:0b:6c:cc:58:29:d7:c4:25:
                    e3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:FD:27:74:AD:87:10:5F:3C:B1:5C:0F:51:88:81:80:18:0B:2F:6E
            X509v3 Authority Key Identifier:
                keyid:71:90:F5:D5:F9:2A:48:63:62:17:7A:42:B3:D5:EF:DA:20:E2:20:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cZD11fkqSGNiF3pCs9Xv2iDiIOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/68a014-7dba-4430-8dde-01c827d6e0fe/1/Mv0ndK2HEF88sVwPUYiBgBgLL24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/68a014-7dba-4430-8dde-01c827d6e0fe/1/cZD11fkqSGNiF3pCs9Xv2iDiIOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:dc:a7:61:e9:8f:cd:0e:ce:4e:9d:c5:54:a7:c9:97:fb:4c:
         80:fc:1a:df:b1:84:8c:f8:60:f6:63:f9:8b:a5:7c:a1:e2:d6:
         9b:24:03:90:2f:83:17:d7:60:4d:38:29:71:dc:e1:da:a8:c9:
         b8:00:18:a0:ad:b6:84:0c:c2:4a:54:a0:16:92:44:43:b7:97:
         7d:f6:a6:ba:3c:77:85:36:21:50:a1:d5:45:11:0f:9e:f2:88:
         eb:04:64:2c:59:91:10:98:96:88:79:68:71:99:9f:5a:ef:13:
         87:e8:0e:42:67:6c:17:8a:71:b2:58:51:bb:8e:7e:16:1b:3f:
         b4:1f:9a:f6:46:6b:d8:3f:3c:27:e4:b4:72:2e:4e:c0:22:af:
         0a:19:99:6e:c9:0f:04:66:75:54:62:41:a5:51:34:77:fc:be:
         a4:3d:b3:5e:ed:0c:c4:e7:23:bc:e7:b5:b7:93:bc:af:a8:88:
         de:4a:0f:c8:71:f4:cb:3c:05:2d:7d:20:72:86:1b:31:23:49:
         be:a8:94:7e:4d:fc:95:ae:cc:0c:af:85:1b:6f:8b:a8:87:4a:
         00:63:5b:f7:a1:d6:9e:3e:c8:ea:9f:02:40:b1:1e:cd:85:5d:
         e7:46:14:02:26:42:44:41:fb:e1:16:26:da:51:6d:ea:fb:e6:
         5a:0d:40:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3k87i8pgnNY1uPJCJPmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxOTBmNWQ1ZjkyYTQ4NjM2MjE3N2E0MmIzZDVlZmRhMjBl
MjIwZTEwHhcNMjQwMTAyMDYzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmZkMjc3NGFkODcxMDVmM2NiMTVjMGY1MTg4ODE4MDE4MGIyZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmLlt2S0nNvAPJ1lm0v2tz4Ac977
xw6IbZ6X2golyn+wlu3TErT1SBUgdRzHTV+5G822ibFlSsJnYsEiqlN+8GZhrMge
Q+OHbwqwW0HBp0qy27iZwJMsvuGQ3/p5K1sK4uH81z8p2i4E6rt//QAtlKt9E+SW
58cj9VDQokWx8o3vyzmRdKxDypPRTV7ttWp6SWxg7MUFZWFo/vAUvYqzoew2gvc3
qdaCqdnbWTYAm7GsObV5NvS5Vhp1EjpE2lFbn56LdTOzGVhEdHD/m3jQeIdlWIMR
gLQFtcLS/3xnmpBTzr8UKlQoENENttqHTuz2a6wFBO3eC2zMWCnXxCXj7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDL9J3SthxBfPLFcD1GIgYAYCy9uMB8GA1UdIwQY
MBaAFHGQ9dX5KkhjYhd6QrPV79og4iDhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1pEMTFma3FTR05pRjNwQ3M5WHYyaURpSU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS82OGEwMTQtN2RiYS00NDMwLThkZGUt
MDFjODI3ZDZlMGZlLzEvTXYwbmRLMkhFRjg4c1Z3UFVZaUJnQmdMTDI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS82OGEwMTQtN2RiYS00NDMwLThkZGUtMDFjODI3ZDZlMGZl
LzEvY1pEMTFma3FTR05pRjNwQ3M5WHYyaURpSU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/XLMA0G
CSqGSIb3DQEBCwUAA4IBAQBh3Kdh6Y/NDs5OncVUp8mX+0yA/BrfsYSM+GD2Y/mL
pXyh4tabJAOQL4MX12BNOClx3OHaqMm4ABigrbaEDMJKVKAWkkRDt5d99qa6PHeF
NiFQodVFEQ+e8ojrBGQsWZEQmJaIeWhxmZ9a7xOH6A5CZ2wXinGyWFG7jn4WGz+0
H5r2RmvYPzwn5LRyLk7AIq8KGZluyQ8EZnVUYkGlUTR3/L6kPbNe7QzE5yO857W3
k7yvqIjeSg/IcfTLPAUtfSByhhsxI0m+qJR+TfyVrswMr4Ubb4uoh0oAY1v3odae
PsjqnwJAsR7NhV3nRhQCJkJEQfvhFibaUW3q++ZaDUBt
-----END CERTIFICATE-----